Rename "references" to "reference" to match the expected template info structure

Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84
2021-08-18 14:29:20 +03:00 · 2021-08-18 14:29:20 +03:00 · 4c920b2552
parent a6068214ac
commit 4c920b2552
25 changed files with 25 additions and 27 deletions
--- a/cves/2019/CVE-2019-12725.yaml
+++ b/cves/2019/CVE-2019-12725.yaml
@ -9,7 +9,7 @@ info:
    found in ZeroShell 3.9.0 in the "/cgi-bin/kerbynet" url.
    As sudo is configured to execute /bin/tar without a password (NOPASSWD)
    it is possible to run root commands using the "checkpoint" tar options.
-  references: |
+  reference: |
    - https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
    - https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
  tags: cve,cve2019,rce
--- a/cves/2019/CVE-2019-15858.yaml
+++ b/cves/2019/CVE-2019-15858.yaml
@ -11,8 +11,7 @@ info:
    before 2.2.5 for WordPress allows unauthenticated options import,
    as demonstrated by storing an XSS payload for remote code execution.

-    Source/References:
-    - https://github.com/GeneralEG/CVE-2019-15858
+  reference: https://github.com/GeneralEG/CVE-2019-15858
  tags: cve,cve2019,wordpress,wp-plugin,xss

 requests:
--- a/cves/2019/CVE-2019-6112.yaml
+++ b/cves/2019/CVE-2019-6112.yaml
@ -5,7 +5,7 @@ info:
  author: dwisiswant0
  severity: medium
  description: A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
-  references: https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
+  reference: https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
  tags: cve,cve2019,wordpress,wp-plugin,xss

 requests:
--- a/cves/2020/CVE-2020-17506.yaml
+++ b/cves/2020/CVE-2020-17506.yaml
@ -6,7 +6,7 @@ info:
  severity: critical
  description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
  tags: cve,cve2020
-  references: https://blog.max0x4141.com/post/artica_proxy/
+  reference: https://blog.max0x4141.com/post/artica_proxy/

 requests:
  - method: GET
--- a/cves/2020/CVE-2020-2551.yaml
+++ b/cves/2020/CVE-2020-2551.yaml
@ -17,8 +17,7 @@ info:
    Successful attacks of this vulnerability can result
    in takeover of Oracle WebLogic Server.

-    Source/References:
-    - https://github.com/hktalent/CVE-2020-2551
+  reference: https://github.com/hktalent/CVE-2020-2551
  tags: cve,cve2020,oracle,weblogic,rce

 requests:
--- a/cves/2020/CVE-2020-27986.yaml
+++ b/cves/2020/CVE-2020-27986.yaml
@ -8,7 +8,7 @@ info:
                SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,
                SVN, and GitLab credentials via the api/settings/values URI.
                NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
-  references: https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/
+  reference: https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/
  tags: cve,cve2020,sonarqube

 requests:
--- a/cves/2020/CVE-2020-4463.yaml
+++ b/cves/2020/CVE-2020-4463.yaml
@ -10,7 +10,7 @@ info:
    A remote attacker could exploit this vulnerability to expose
    sensitive information or consume memory resources.

-  references: |
+  reference: |
    - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463
    - https://github.com/Ibonok/CVE-2020-4463
  tags: cve,cve2020,ibm,xxe
--- a/cves/2020/CVE-2020-7318.yaml
+++ b/cves/2020/CVE-2020-7318.yaml
@ -10,7 +10,7 @@ info:
    script or HTML via multiple parameters where the administrator's entries
    were not correctly sanitized.

-    References:
+    reference:
    - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
  tags: cve,cve2020,xss

--- a/cves/2020/CVE-2020-8209.yaml
+++ b/cves/2020/CVE-2020-8209.yaml
@ -9,7 +9,7 @@ info:
    Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10
    before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

-    References:
+    reference:
    - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
  tags: cve,cve2020,citrix,lfi

--- a/cves/2021/CVE-2021-24176.yaml
+++ b/cves/2021/CVE-2021-24176.yaml
@ -5,7 +5,7 @@ info:
  author: Ganofins
  severity: medium
  description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
-  references: |
+  reference: |
      - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
      - https://wordpress.org/plugins/jh-404-logger/
  tags: cve,cve2021,wordpress,wp-plugin,xss
--- a/exposures/tokens/generic/shoppable-token.yaml
+++ b/exposures/tokens/generic/shoppable-token.yaml
@ -4,7 +4,7 @@ info:
  name: Shoppable Service Auth Token
  author: philippedelteil
  severity: info
-  references: https://ask.shoppable.com/knowledge/quick-start-api-guide
+  reference: https://ask.shoppable.com/knowledge/quick-start-api-guide

 requests:
  - method: GET
--- a/technologies/bolt-cms-detect.yaml
+++ b/technologies/bolt-cms-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects bolt CMS
  tags: tech,bolt,cms
-  references:
+  reference:
    - https://github.com/bolt/bolt

 requests:
--- a/technologies/bookstack-detect.yaml
+++ b/technologies/bookstack-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects BookStack
  tags: tech,bookstack
-  references: https://github.com/BookStackApp/BookStack
+  reference: https://github.com/BookStackApp/BookStack

 requests:
  - method: GET
--- a/technologies/grav-cms-detect.yaml
+++ b/technologies/grav-cms-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects Grav CMS
  tags: tech,grav,cms
-  references: https://github.com/getgrav/grav
+  reference: https://github.com/getgrav/grav

 requests:
  - method: GET
--- a/technologies/mautic-crm-detect.yaml
+++ b/technologies/mautic-crm-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects Mautic CRM
  tags: tech,mautic,crm
-  references:
+  reference:
    - https://github.com/mautic/mautic

 requests:
--- a/technologies/moinmoin-detect.yaml
+++ b/technologies/moinmoin-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects MoinMoin Wiki
  tags: tech,moin,moinmoin,wiki
-  references:
+  reference:
    - https://github.com/moinwiki/moin-1.9

 requests:
--- a/technologies/octobercms-detect.yaml
+++ b/technologies/octobercms-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects OctoberCMS
  tags: tech,octobercms
-  references: https://github.com/octobercms/october
+  reference: https://github.com/octobercms/october

 requests:
  - method: GET
--- a/technologies/opencast-detect.yaml
+++ b/technologies/opencast-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects Opencast
  tags: tech,opencast
-  references:
+  reference:
    - https://github.com/opencast/opencast

 requests:
--- a/technologies/plone-cms-detect.yaml
+++ b/technologies/plone-cms-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects Plone CMS
  tags: tech,plone,cms
-  references:
+  reference:
    - https://github.com/plone/Products.CMFPlone

 requests:
--- a/technologies/rhymix-cms-detect.yaml
+++ b/technologies/rhymix-cms-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects Rhymix CMS
  tags: tech,rhymix
-  references: https://github.com/rhymix/rhymix
+  reference: https://github.com/rhymix/rhymix

 requests:
  - method: GET
--- a/technologies/shopware-detect.yaml
+++ b/technologies/shopware-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects Shopware CMS
  tags: tech,shopware,cms
-  references:
+  reference:
    - https://github.com/shopware/shopware
    - https://github.com/shopware/platform

--- a/technologies/strapi-cms-detect.yaml
+++ b/technologies/strapi-cms-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects strapi CMS
  tags: tech,strapi,cms
-  references:
+  reference:
    - https://github.com/strapi/strapi

 requests:
--- a/technologies/wazuh-detect.yaml
+++ b/technologies/wazuh-detect.yaml
@ -6,7 +6,7 @@ info:
  severity: info
  description: Detects wazuh
  tags: tech,wazuh
-  references:
+  reference:
    - https://github.com/wazuh/wazuh

 requests:
--- a/vulnerabilities/other/mcafee-epo-rce.yaml
+++ b/vulnerabilities/other/mcafee-epo-rce.yaml
@ -12,7 +12,7 @@ info:
    making it possible to upload arbitrary files
    to arbitrary directories or overwrite existing ones during archive extraction.

-    References:
+    reference:
    - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
  tags: mcafee,rce

--- a/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml
+++ b/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml
@ -6,7 +6,7 @@ info:
  severity: high
  description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials
  tags: wordpress,plugin
-  references: |
+  reference: |
      - https://www.exploit-db.com/exploits/48910
      - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/